(54) Secure data processing method and system



(57) A secure data processing system comprises a central processor unit (11), memory (12) and a security circuit (15) in the form of an application specific integrated circuit. The security circuit has a cryptographic engine (19) and a cryptographic key store (18).

The cryptographic engine operates on the contents of the cryptographic key store to generate a digital signature. Means are provided to generate a digital signature from a software or hardware component to be checked for authenticity and to compare the digital signature from the component with the generated digital signature. An indication of the authenticity of the component is generated as a result of the comparison. The components of the system that can be checked include the boot firmware (16) for the system, the operating system and plug-in cards (13) for the system.
Description



The present invention concerns a secure data processing method and system and is of particular application to a financial terminal.

In a data processing system it is usual to provide a [...] memory [...] software and hardware components. It is desirable [...] where the user or operator of the system can trust all of the software and hardware [...]. To achieve this objective some means has to be provided to decide whether the [...] system [...] compromised either at initial installation of the components or at a later [...] components are introduced to the system. For a data processing system including a programmable central [...] to authenticate the operating system of the central processor unit. If plug-in cards [...] functionality of the system it is also important to authenticate these plug-in cards. [...] authenticating the components of the data processing system must be such as to provide security for the authentication [...] the authentication process is to be reliable in detecting any compromise of the [...].

It is therefore an object of the present invention to provide an effective means for testing one or more components of a data processing system in order to determine the authenticity [...] tested component or components.

According to the present invention there is provided a method of [...] of [...] components of a data processing system which [...] includes a [...] memory, a security circuit having a cryptographic engine, and a cryptographic [...], comprising the steps of entering one or more keys into the cryptographic key store, operating on the [...] of the cryptographic engine to generate [...] the system to be authenticated, generating a digital signature from the component to be authenticated, [...] indication of authenticity by comparing the digital signature generated by the cryptographic engine with that generated from the component to be authenticated.

Further according to the present invention there is provided a data [...] system including one or more components to be checked for authenticity, a programmable [...] and a security circuit having a cryptographic engine and a cryptographic key store for storing [...], the cryptographic engine being adapted to operate [...] to generate a digital signature referenced to a component of the system to be checked for authenticity [...].


The invention will now be described [...]

Figure 1 shows a block diagram of a data processing system according to the present invention.
Figure 2 shows detail of a security circuit included in the system of Figure 1.
Figure 3 shows a flow diagram of the operation of the system of Figures 1 and 2, and
Figure 4 shows a flow diagram relating to the update of cryptographic keys used in the system of Figures 1 and 2.

[...] system 10 [...] of additional plug-in cards 13, permanent storage 14, a security [...] 15 [...] application specific integrated circuit (ASIC) and boot firmware 16. The components of the [...] 10 by means of a processor data bus 17 in conventional manner. [...] In addition the [...] runs under an operating system (OS) in a manner [...].

Referring now to Figure 2, the security circuit 15 has a [...] interface firmware 21 and an I/O bus [...]. The cryptographic engine 19 supports both symmetric and asymmetric algorithms. The control and interfacing firmware 21 is designed to perform the initial start-up of the data processing system [...] system [...] and [...] the security [...] the firmware of plug-in cards 13, and the boot firmware 16. The invention may be applied to a system [...] more or fewer system components to be authenticated than the system depicted in Figure 1. For [...] may not provide for the plug-in cards 13 and in this case provision [...] required [...].

Each of the components of the system which are to be authenticated includes a digital signature which is embedded in the firmware of the component. The digital signature is embedded at a predefined location and is created by the supplier of the component as part of the manufacturing process. The algorithm for generating the digital signature uses an asymmetric key pair, with the vendor supplier keeping the private key securely and distributing the public key with [...]. The public key is entered into the [...] 15 [...].

The creator of each of the cryptographic keys entered into the circuit 15 will depend on the source of the component to which the keys relate. The keys may be symmetric or asymmetric and validate [...] system according to the cryptographic process determined within the security circuit 15. The authentication process is tamper proof by reason of the fact that the process is contained within the security ASIC 15 and it is [...] to alter the contents of this ASIC. The security system can not be disabled.

A number of keys are pre-defined as shown in the following Table 1:
TABLE 1

Key Name      Type         Use                                   Creator
Boot          Asymmetric   Validation of boot firmware           The creator of boot firmware
                           by ASIC 15
Cards (1-x)   Asymmetric   Validation of firmware of             The creator of the card
                           cards (1-x)                           firmware for cards (1-x)
OS            Symmetric    Validation of operating               Automatically generated by
                           system boot                           the ASIC (15)

The process of starting up the data processing system of Figures 1 and 2 is shown in the flow diagram of Figure 3. [...] on step 23 [...] followed by processor start-up step 24 and the execution at [...] from [...] ROM [...]. A decision is taken at step 26 [...] the boot key has been loaded [...] validation [...] place in step 27 either directly or via step 28 if the boot key has to be entered. The process of validation in step 27 comprises the generation within the ASIC 15 of the expected digital signature using the 'boot' key. The generated digital signature is then compared to the actual digital signature from the boot PROM 16 and an indication is generated in step 29 whether the boot PROM is valid. If not valid, the process in Figure 3 is stopped. If the boot PROM 16 is validated, the process continues through the step 30 to execute the boot PROM and then the [...] operation [...] each of plug-in cards 13. In the flow diagram of Figure 3 a card x (where x is the number of the [...] in turn) is checked by determining in step 32 if the corresponding card key has been [...] in step 33 either directly if the key has been entered, or via the step 34 [...]. The validation of each plug-in card 13 is achieved by comparison of the digital signature [...] cryptographic engine 19 with the digital signature embedded in the card using the appropriate [...] key [...] of each card taken in turn. An indication is generated in step 35 whether the card is valid. If the card is valid, the card initial code is executed in step 36.

If there are succeeding cards to be validated, this is determined in step 37 and the validation of all the cards continues until all have been validated. Following validation of the [...] record is validated in step 38 and an indication provided in step 39 if the boot record is valid. The [...] in step 38 is performed by generating a digital signature for the [...] signature stored in the digital signature store 20 [...]. If the boot record is valid, the boot record code is executed in step 40 and the system is running.
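As an added illustration, not part of the patent text, the following Go program models the start-up sequence of Figure 3 together with the three key types of Table 1. It is an assumption of this model that the asymmetric "Boot" and card keys are Ed25519 public keys, that the symmetric "OS" key is an HMAC-SHA-256 key generated inside the circuit, that each component image carries its signature in its final 64 bytes (the "predefined location"), and that the boot record's signature is written to the signature store when the operating system is installed, a step the page does not describe. One point the text glosses over: with an asymmetric key the circuit cannot itself "generate the expected signature", because only the supplier's private key can produce it, so the comparison is realised as signature verification under the public key; for the symmetric OS key the circuit really does regenerate the MAC and compares it, in constant time, with the stored value. A key that has not been entered makes the corresponding step fail closed rather than prompting for entry, since steps 28 and 34 involve an operator.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const sigLen = ed25519.SignatureSize // assumed signature location: the final bytes of an image

// SecurityCircuit models ASIC 15: key store 18, engine 19 and signature store 20.
type SecurityCircuit struct {
	bootKey  ed25519.PublicKey         // Table 1 "Boot": asymmetric, entered at step 28
	cardKeys map[int]ed25519.PublicKey // Table 1 "Cards (1-x)": asymmetric, entered at step 34
	osKey    []byte                    // Table 1 "OS": symmetric, generated by the ASIC
	sigStore []byte                    // expected boot record signature (store 20)
}

func NewSecurityCircuit() *SecurityCircuit {
	k := make([]byte, 32) // the symmetric OS key is generated inside the circuit
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return &SecurityCircuit{cardKeys: map[int]ed25519.PublicKey{}, osKey: k}
}

// Key entry: the supplier's public key goes into the key store (steps 28 and 34).
func (sc *SecurityCircuit) EnterBootKey(pub ed25519.PublicKey)        { sc.bootKey = pub }
func (sc *SecurityCircuit) EnterCardKey(n int, pub ed25519.PublicKey) { sc.cardKeys[n] = pub }

// SignImage is the supplier's manufacturing step: sign the body and embed the signature.
func SignImage(priv ed25519.PrivateKey, body []byte) []byte {
	return append(append([]byte{}, body...), ed25519.Sign(priv, body)...)
}

// verifyAsymmetric is the engine's check for an asymmetric key: the embedded
// signature must verify over the image body under the supplier's public key.
func verifyAsymmetric(pub ed25519.PublicKey, img []byte) error {
	if pub == nil {
		return errors.New("key not entered") // the step 26/32 decision answered "no"
	}
	if len(img) < sigLen {
		return errors.New("image too short to hold a signature")
	}
	body, sig := img[:len(img)-sigLen], img[len(img)-sigLen:]
	if !ed25519.Verify(pub, body, sig) {
		return errors.New("signature mismatch")
	}
	return nil
}

func (sc *SecurityCircuit) mac(data []byte) []byte {
	m := hmac.New(sha256.New, sc.osKey)
	m.Write(data)
	return m.Sum(nil)
}

// EnrolBootRecord stores the boot record's MAC; assumed to run at OS installation.
func (sc *SecurityCircuit) EnrolBootRecord(rec []byte) { sc.sigStore = sc.mac(rec) }

// VerifyBootRecord is step 38: regenerate the MAC and compare it in constant time.
func (sc *SecurityCircuit) VerifyBootRecord(rec []byte) error {
	if sc.sigStore == nil || !hmac.Equal(sc.mac(rec), sc.sigStore) {
		return errors.New("boot record signature mismatch")
	}
	return nil
}

// StartUp walks Figure 3: boot PROM (27), each card in turn (33), boot record (38);
// it stops at the first failure and names the step reached.
func StartUp(sc *SecurityCircuit, boot []byte, cards [][]byte, rec []byte) (string, error) {
	if err := verifyAsymmetric(sc.bootKey, boot); err != nil {
		return "boot PROM", err
	}
	for i, c := range cards {
		if err := verifyAsymmetric(sc.cardKeys[i+1], c); err != nil {
			return fmt.Sprintf("card %d", i+1), err
		}
	}
	if err := sc.VerifyBootRecord(rec); err != nil {
		return "boot record", err
	}
	return "running", nil
}

func main() {
	bootPub, bootPriv, _ := ed25519.GenerateKey(rand.Reader)
	cardPub, cardPriv, _ := ed25519.GenerateKey(rand.Reader)
	sc := NewSecurityCircuit()
	sc.EnterBootKey(bootPub)
	sc.EnterCardKey(1, cardPub)
	boot := SignImage(bootPriv, []byte("boot PROM image")) // constructed sample images
	card := SignImage(cardPriv, []byte("card 1 firmware"))
	rec := []byte("boot record")
	sc.EnrolBootRecord(rec)
	fmt.Println(StartUp(sc, boot, [][]byte{card}, rec)) // running <nil>
	card[0] ^= 0xff // one flipped byte in the card firmware
	fmt.Println(StartUp(sc, boot, [][]byte{card}, rec)) // card 1 signature mismatch
}
```

Run as written, the first start-up reaches `running`; flipping one byte of the card firmware stops it at `card 1` with a signature mismatch, which is the indication of step 35. The whole guarantee rests on the key store and signature store being unalterable from outside the circuit, which is exactly the property the page claims for the ASIC: if an attacker can enter a key of their own at step 28 or 34, every later check passes for their components.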




[...] regenerate a [...] 15. For example they could [...] ASIC [...] make it impossible to alter or replace the keys [...] ASIC 15 [...].

Claims

4. A system as claimed in Claim [...], wherein a component to be checked [...] comprises boot firmware (16).

5. A system as claimed in Claim 3 or 4, wherein a component to be checked for authenticity comprises an operating system.

6. A system as claimed in Claim [...], 4 or [...], wherein a component to be checked for authenticity comprises a plug-in card.

8. A system as claimed in any one of claims 3 to 7, wherein the security circuit (18) comprises an integrated circuit.

FIG. 4